Today the European Parliament has adopted new EU legislation to fight cyber-crime, such as large-scale cyber-attacks.

"This is an important step to boost Europe's defences against cyber-attacks. Attacks against information systems pose a growing challenge to businesses, governments and citizens alike. Such attacks can cause serious damage and undermine users' confidence in the safety and reliability of the Internet.

I am therefore pleased that formal approval has been reached on new rules concerning the definition of criminal offences and the sanctions in the area of cybercrime. The perpetrators of increasingly sophisticated attacks and the producers of related and malicious software can now be prosecuted, and will face heavier criminal sanctions. Member States will also have to quickly respond to urgent requests for help in the case of cyber-attacks, hence improvingEuropean justice and police cooperation.

Together with the launch of the European Cybercrime Centre and the adoption of the EU Cyber-security Strategy, the new Directive will strengthen our overall response to cybercrime and contribute to improve cyber security for all our citizens", said Cecilia Malmström, EU Commissioner for Home Affairs.

Background

The Directive on attacks against information systems builds on rules that have been in force since 2005 (Council Framework Decision 2005/222/JHA). While retaining a number of current provisions, it introduces new offences, such as the use of tools to commit large-scale attacks, new aggravating circumstances and higher criminal sanctions that are necessary to fight more effectively large scale attacks against information systems.

Moreover, the Directive improves cross-border cooperation between the judiciary and the police of the Member States, introducing the obligation for Member States to make better use of the existing 24/7 network of contact points by treating urgent requests within 8 hours.

Finally, the Directive provides for the obligation to collect statistical data on cyber-attacks and for Member States to have reporting channels in place for reporting of the offences to competent authorities.

Once it's published in the EU Official Journal, Member States will have an obligation to comply with the new Directive and implement its provisions into national legislation within two years at the latest.